Journal of Information Management (資訊管理學報)

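Authors: 葉桂珍; 張榮庭
Pages: 113-143
Date: 2006/04
Abstract: The growing complexity of information systems brings businesses considerable benefits, but it also brings risk. In response, many scholars have proposed methods for maintaining enterprise information security and corresponding countermeasure strategies (e.g., Rainer et al. 1991; Straub & Welke 1998; von Solms et al. 1994; Ølnes 1994). Although these theories and methods offer businesses many information security solutions, most do not consider the importance of a business's own attributes, such as industry sector or level of computerization, in formulating an information security strategy. Yet setting business strategy appropriately for the enterprise's own attributes is an unavoidable essential of running a business. The purpose of this study is therefore to examine how businesses of different industry types and computerization levels view information risk, including the possible threat that information risk poses to these industries now and in the future, and the protective strategies and measures these industries have adopted in response, in order to understand the appropriateness of information security strategy formulation across different industries in Taiwan.
Keywords: Information security; Information risk; Information security strategy; Level of computerization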

Information Security Strategy to Businesses in Different Sectors and Computerization Levels


Abstract: As businesses become increasingly dependent on information systems for strategic operations, issues of information security emerge. Many MIS researchers (e.g., Rainer et al. 1991; Straub & Welke 1998; Von Solms et al. 1994; and Ølnes 1994) have proposed theories and practices against information risks. While these provide useful solutions, they have seldom considered how a business's information security strategy is associated with its industrial sector and computerization level. The purpose of this paper is to construct a feasible information security strategy that identifies the protections required to avoid information risks. By comparing the perceived seriousness of the potential information risks with the degree of preparation against them, and with the perceived trend of information risk in the future, the main information risks are inferred for businesses in different sectors and at different computerization levels. Organizations must become aware of these critical areas and ensure that the appropriate security measures are implemented to reduce the possibility of loss.
Keywords: Information Security; Information Risk; Information Security Strategy; Level of Computerization
